
EdH_135054
Oct 05, 2013

Configuring F5 to use AJP to Tomcat server running hybris

Would like to find out how to properly configure F5 LTM to use the AJP protocol when talking to a Tomcat server running hybris on port 8009.

 

Traffic is coming in on port 443 (SSL) and I need to offload that traffic and send down port 8009 using AJP (Apache JServ Protocol).

 

Any and all help appreciated

 

6 Replies

  • I'm fairly certain that the F5 cannot translate HTTP to AJP. I've always used something like Apache with mod_ajp or mod_jk to do this step. If you add Apache to your configuration then it is definitely possible.

     

  • Thanks very much. We are in the process of moving F5 into production. Our attempts at simple SSL Offload, from port 443 to port 9002 (hybris) AJP, have proven a bit of a challenge. It seems to be mostly working now. Apache as a LB and AJP was a plan B, as we are using it in our performance environment, which is not migrated yet.

     

    Another question for you. Out of 20,000 service calls through the F5 to hybris, we had 6 failures (see below). Would you consider this normal or not normal? You would think if it worked once, it should always work, but life is full of surprises. Would be interested in your thoughts.

     

    DEBUG output created by Wget 1.12 on xxxx.1.0.0.
    --2013-10-05 19:15:37-- https://hb-xxxx.cs.xxx/rest/v1/xxxbasesite/prices
    Resolving hb-xxx.cs.xxx... 192.xxx.xx.xxx
    Caching hb-xxx.cs.xxx => 192.xxx.xx.xxx
    Connecting to hb-xxx.cs.xxx|192.xxx.xx.xxx|:443... connected.
    Created socket 5.
    Releasing 0x200615c8 (new refcount 1).
    Initiating SSL handshake.
    SSL handshake failed.
    Closed fd 5
    Unable to establish SSL connection.

     

  • Personally, I prefer to use Apache in front of Tomcat because I am more familiar with how it behaves (F5 -> Apache -> Tomcat AJP connector).

     

    Ultimately it all depends on your needs. F5 -> Tomcat HTTP connector should be perfectly fine for most use cases. A quick search suggests that either method should end up with similar results, but you should test, test, test!

     

    Over what duration were the 20,000 calls made? It is possible that you may have hit an SSL TPS threshold.

     

  • My thought as well. 100 simultaneous sessions of 100 requests each for a total of 10,000 requests from each server. Of the 20,000 requests made, 6 failed with no SSL connection.

     

    Duration over two servers of 1 minute for each server hitting the F5 and distributing to 3 servers (hybris).

     

    Timing is as follows:

     

    0 sec   13,835 times
    1 sec    4,414 times
    2 sec    1,036 times
    3 sec      365 times
    4 sec      212 times
    5 sec       67 times
    6 sec       52 times
    7 sec        4 times
    8 sec        3 times
    9 sec        9 times

     

  • Hi Edh, we are facing similar issues. F5 -> Tomcat using the HTTP connector. There is NO Apache in the picture. The use case is to load-balance to the Tomcats directly. From the F5 it should be straightforward for the load balancing piece, but on the Tomcats is there a specific config to make it work?